Middle East and Africa Forum

Cape Town, South Africa
14-15 March 2018

Join us at the 2018 Middle East and Africa Forum

Don’t miss THE data security event of the year for the payment card industry. Join us for: Networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers.


The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!


We are aware of the content water situation/shortage in Cape Town, learn more about how our partners are working to apply sustainable practices.


Join us for a day of discovery, updates and insights from members of the Council and regional community figures and merchants.

Wednesday, 14 March 
7:30 Registration Open
7:30 - 9:00Networking Breakfast and Vendor Showcase
9:00 – 9:30Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards Council
9:30 - 10:15Keynote: State of the Council
Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

10:15 - 10: 45Regional Insights - A Panel Discussion

Moderated by: Jeremy King, International Director, PCI Security Standards Council

Joined by Panelists: Andrew Henwood, CEO, Foregenix, Leticia Mentz, Strategy and Research Manager, Payments Association of South Africa (PASA) and Aadesh Gawde, Principal Consultant, ProVise Consulting

Join this session for a panel discussion on the Middle East and Africa threat landscape, evolution of payments and how the region is helping to secure payment data.
10:45 - 11:15Networking Break and Vendor Showcase

11:15 - 12:15Shifting Paradigms: How Innovation is Changing Payment Security (and Standards)
Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council
12:15 - 13:00Industry Keynote: Combating the Cyber Security Threat to Your Business
Presented by: Christopher Novak, Director, Investigative Response Verizon RISK Team

Attendees will learn about the latest evolution in the cyber security landscape, the threat actors orchestrating these attacks, the impacts to our payment card ecosystem, and how to harden your environment to such threats.
13:00 - 14:00 Networking Lunch and Vendor Showcase
14:00 - 14:45Day Zero – Watershed Moments from Regional Assessments & Incident Response and Forensic Investigations
Presented by: Andrew Henwood, CEO, Foregenix

During this session, Andrew will be providing a regional perspective relating to Foregenix’ real-world consultative engagements. These surround not only PCI Assessments, but actual DFIR investigations into large cardholder data breaches and hacks. We will hear about organizational reactions and responses (as incidents usually come as a surprise) and take away best practice recommendations.
14:45 - 15:30How Could Africa Benefit from the Lessons that Europe Learned the Hard Way?
Presented by: Steve Marshall, Chief Operating Officer, Risk-X

This session will show how Europe is adapting to the changing face of payment security and the solutions that are used. Having been a QSA for 10 years, and now a PFI, Mr. Marshall will share his experiences of the payment compromises that have happened in Europe. European companies have learned the hard way (well, some of them!) what works and what doesn't. Africa is on an amazing growth curve in terms of change to its payments solutions. Learn how you can avoid the pitfalls the Europeans made and get it right the first time!
15:30 - 16:00Networking Break and Vendor Showcase
16:00 - 16:30PCI DSS Compliance Through Cybersecurity Operations Center (CSOC) & Threat Management
Presented by: Aadesh Gawde, Principal Consultant, ProVise Consulting

This session will discuss how PCI related risks, threats and vulnerabilities should be identified, mitigated, monitored and overall managed through the CSOC and threat management capabilities of an organization. Mr. Gawde will look at the identification of Tech, PCI non-compliance in network, processes, applications, databases, endpoints and mitigating as the first step as well as monitoring the residual risks and close monitoring for primary controls through the CSOC.
16:30 - 17:00How Compliance Positively Impacts Customer Satisfaction
Presented by: Willem Botes, Business Development Manager, Eckoh and Ramon Lipparoni, IT Integrations Manager working with a leading South African Airline

Deploying and working with a DTMF suppression solution can come with challenges within a client facing environment. But the rewards of a successful solution, effectively delivered, on time and on budget are compelling. Join us to hear how a prominent South African Airline, achieved PCI DSS compliance, protected their clients’ sensitive payment card data from being exposed and helped with the PoPI legislation in South Africa.

A unique and personal perspective of a deployment for a leading South African Airline who have successfully implemented and use a DTMF suppression solution.
17:00 - 17:30PCI DSS May Simplify Protection of Personal Information (PoPI) Compliance
Presented by: Simeon Tassev, Managing Director, Galix Networking Pty. Ltd.

In this session, you will learn how PCI DSS may help simplify PoPI compliance. South African businesses are preparing for the implementation of the Protection of Personal Information (PoPI) Act, undergoing audits and testing compliancy. This is a large task on its own, however, many organisations are simultaneously doing a PCI DSS audit, making for an even more complex and challenging process. PCI DSS, is a well-entrenched standard, with established best practices in place, and tried-and-trusted implementation processes.
17:30 - 19:00Networking Reception and Vendor Showcase
Thursday, 15 March
7:30Registration Open
7:30 - 9:00Networking Breakfast and Vendor Showcase
9:00 - 9:30 Welcome Remarks and Regional Update
Presented by: Jeremy King, International Director, PCI Security Standards Council
9:30 - 10:15Keynote: Security beyond Compliance (A New Hope)
Presented by: Haroon Meer, CEO, Thinkst

The frequency and impact of recent high-profile breaches has been positively depressing. Besides the increasing number of incidents themselves, there’s been a growing phalanx of security vendors clamoring to sell us stuff (we don’t need) and promising to solve our problems (while sometimes making them worse). It’s a security nihilist’s dream, and despair seems like a reasonable option. However, a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale. We will look at some of these examples, and discuss them in light of both the potential it promises and the (new) challenges it highlights for us in Africa.
10:15 - 10:45Networking Break and Vendor Showcase
10:45 - 11:30PCI Programs Update
Presented by: Mauro Lance, Chief Operating Officer, PCI Security Standards Council
11:30 - 12:15Exploring PCI Beyond Card Payments
Presented by: Walter Volker, Chief Executive Officer, The Payments Association South Africa (PASA)

As technologies advance and the payments world continues to evolve, the lines between card and electronic payments seem to grow increasingly vague. This session explores the risks and opportunities that future payment landscapes hold.
12:15 - 12:45Making a Global Impact with PCI SSC: How You Can Get Involved and Resource Overview
Presented by: Jeremy King, International Director, PCI Security Standards Council and Mark Meissner, VP Public Relations, PCI Security Standards Council

Attend this session to hear about everything that PCI SSC has to offer you and your organization so you can help secure payment data. We will also share all the ways you can be more involved with PCI SSC.










Please continue to check back for updates on our Sponsors


Sponsorship Opportunities

An exclusive opportunity to position your company as a leader in the global payment security industry.



Employee Education is the Best Defense for Protecting your Organization’s Data Assets.

In conjunction with the Middle East and Africa Forum three training courses are available, allowing attendees to make the most of their travel time and budgets. The trainings will take place at The Westin Cape Town.

Qualified Security Assessor Training |  7-8 March

The two-day Qualified Security Assessor (QSA) class provides instruction on how to conduct assessments of merchants, institutions and service providers who must be compliant with the PCI DSS.

Payment Card Industry Professional |  9 March

The only instructor-led Payment Card Industry Professional (PCIP) class scheduled for 2018 delivers an individual qualification in payment security information.  Come away armed with the tools to support a secure payment environment and help your organization achieve PCI compliance.

Internal Security Assessor | 12-13 March

The two-day Internal Security Assessor (ISA) class provides large merchants, acquiring banks, and processors the opportunity to build their internal payment data security expertise, as well as increase their efficiency in complying with PCI Standards.


Current Exhibitors:

Get the latest updates on the 2018 Middle East and Africa Forum by joining our mailing list.